TikTok Irish DPC fine: China access and transfer transparency risk

Facts

The regulator found TikTok had not shown that EEA user personal data transferred to China received protection essentially equivalent to EU law and ordered remediation.

Compliance lessons

Cross-border data projects need regulator-ready proof of data location, access actors, transfer mechanisms, supplementary safeguards, and access logs, not only a privacy policy.

Legal issues

• GDPR跨境传输 / GDPR transfers
• 透明度 / transparency
• 远程访问 / remote access

Sources

• Irish Data Protection Commission press releasesregulator